Hi all, I'm new to ModSecurity and wanted to try it out by installing Nginx 1.10.2, latest ModSecurity (master branch), with latest CRS (v3.0/master branch).
With the default settings on, I tried to send an attack request and expected to see it blocked. So I sent the request below to the demo application GET http://172.17.0.1/?param=";><script>alert(1);</script> and it responded with 200 OK (which is okay since it's in detection only mode by default), but I expected to see the error "Inbound Anomaly Score Exceeded (Total Score: 5)" in the audit log. There is no such message, but other rules have triggered as I expected. I attached the complete log of the HTTP GET request. Could you give me guidance what am I missing? -- Üdvözlettel, Búza Géza -- Üdvözlettel, Búza Géza
mod_security_audit.log
Description: Binary data
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
